Could not complete ssl handshake

This forum is intended for the discussion of Nagios Core development. Feature requests, patches, bug fixes, and all types of development-related discussions are welcome!

NOTE: The SourceForge.net nagios-devel mailing list has been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

Could not complete ssl handshake

Postby chimborah » Fri Jan 05, 2018 8:51 am

Hi All,

This is in continuation of my previous post wherein error message "Error message : Error: Could not complete SSL handshake. 5" is getting written to /var/log/messages every min. All the services are in ok state. The requirement is how to avoid these messages or not to log any of the error messages generated by nrpe in any of the log file.
After upgrading to latest nrpe agent and editing syslog settings to stop logging all of the nrpe messages using the example below for the syslog config file, /var/log/message file is not generating any logs even though rsyslog is working fine. If system logs will not written to /var/log/messages then it is an issue.
Could you please suggest how to resolve this issue.

Code: Select all
*.info;mail.none;authpriv.none;cron.none;nrpe.none                /var/log/messages


Post details:
Code: Select all
https://support.nagios.com/forum/viewtopic.php?f=7&t=43918






viewtopic.php?f=7&t=43918
chimborah
 
Posts: 33
Joined: Tue Oct 02, 2012 7:55 am

Re: Could not complete ssl handshake

Postby npolovenko » Fri Jan 05, 2018 2:14 pm

Hello, @chimborah. I don't see how adding this part nrpe.none could stop all rsyslogs to the messages file. But you could remove that part and restart rsyslog:
Code: Select all
service rsyslog restart

Would that restore logging? Also, since all the nrpe checks are OK, I wonder where the handshake message comes from. Do you happen to have other nrpe checks at all?Perhaps, after you revert the rsyslog settings you could share the messages.log file with us.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
npolovenko
Support Tech
 
Posts: 1705
Joined: Mon May 15, 2017 5:00 pm

Re: Could not complete ssl handshake

Postby chimborah » Wed Jan 10, 2018 4:45 am

Hi npolovenko,

After removing nrpe.none and restart rsyslog it has restore logging. All the services are OS level standard services

Messages file after reverting the changes. Let me know if other information is required.

Code: Select all
[root@HostName log]# cat messages
Jan  9 14:31:12 HostName kernel: imklog 5.8.10, log source = /proc/kmsg started.
Jan  9 14:31:12 HostName rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="29420" x-info="http://www.rsyslog.com"] start
Jan  9 14:33:52 HostName nrpe[29572]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 31950
Jan  9 14:33:52 HostName nrpe[29572]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:52 HostName nrpe[29572]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:52 HostName nrpe[29572]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:33:53 HostName nrpe[29576]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 1xxx
Jan  9 14:33:53 HostName nrpe[29576]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:53 HostName nrpe[29576]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:53 HostName nrpe[29576]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:33:53 HostName nrpe[29580]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 4xxx
Jan  9 14:33:53 HostName nrpe[29580]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:53 HostName nrpe[29580]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:53 HostName nrpe[29580]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:33:53 HostName nrpe[29580]: Error: (!log_opts) Could not complete SSL handshake with 10.x.x.x: 5
Jan  9 14:33:53 HostName nrpe[29582]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 8xxx
Jan  9 14:33:53 HostName nrpe[29582]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:53 HostName nrpe[29582]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:53 HostName nrpe[29582]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:33:55 HostName nrpe[29584]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 1xxxx
Jan  9 14:33:55 HostName nrpe[29584]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:55 HostName nrpe[29584]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:55 HostName nrpe[29584]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:33:58 HostName nrpe[29592]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 3xxx
Jan  9 14:33:58 HostName nrpe[29592]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:58 HostName nrpe[29592]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:58 HostName nrpe[29592]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:34:00 HostName nrpe[29597]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 5xxxx
Jan  9 14:34:00 HostName nrpe[29597]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:00 HostName nrpe[29597]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:00 HostName nrpe[29597]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:34:01 HostName nrpe[29601]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 1xxxx
Jan  9 14:34:01 HostName nrpe[29601]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:01 HostName nrpe[29601]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:01 HostName nrpe[29601]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:34:01 HostName nrpe[29603]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 1xxxx
Jan  9 14:34:01 HostName nrpe[29603]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:01 HostName nrpe[29603]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:01 HostName nrpe[29603]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:34:26 HostName nrpe[29618]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 6xxxx
Jan  9 14:34:26 HostName nrpe[29618]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:26 HostName nrpe[29618]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:26 HostName nrpe[29618]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:34:26 HostName nrpe[29618]: Error: (!log_opts) Could not complete SSL handshake with 10.x.x.x: 5
Jan  9 14:38:29 HostName nrpe[29721]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 4xxxx
Jan  9 14:38:29 HostName nrpe[29721]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:29 HostName nrpe[29721]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:29 HostName nrpe[29721]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:38:29 HostName nrpe[29721]: Error: (!log_opts) Could not complete SSL handshake with 10.x.x.x: 5
Jan  9 14:38:55 HostName nrpe[29727]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port xxxx
Jan  9 14:38:55 HostName nrpe[29727]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:55 HostName nrpe[29727]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:55 HostName nrpe[29727]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:38:58 HostName nrpe[29731]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 2xxxx
Jan  9 14:38:58 HostName nrpe[29731]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:58 HostName nrpe[29731]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:58 HostName nrpe[29731]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:38:58 HostName nrpe[29735]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 3xxxx
Jan  9 14:38:58 HostName nrpe[29735]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:58 HostName nrpe[29735]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:58 HostName nrpe[29735]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:38:58 HostName nrpe[29735]: Error: (!log_opts) Could not complete SSL handshake with 10.x.x.x: 5
Jan  9 14:38:58 HostName nrpe[29737]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 4xxxx
Jan  9 14:38:58 HostName nrpe[29737]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:58 HostName nrpe[29737]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:58 HostName nrpe[29737]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:39:00 HostName nrpe[29739]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 5xxxx
Jan  9 14:39:00 HostName nrpe[29739]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:39:00 HostName nrpe[29739]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:39:00 HostName nrpe[29739]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:39:04 HostName nrpe[29756]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 3xxxx
Jan  9 14:39:04 HostName nrpe[29756]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
chimborah
 
Posts: 33
Joined: Tue Oct 02, 2012 7:55 am

Re: Could not complete ssl handshake

Postby npolovenko » Wed Jan 10, 2018 2:06 pm

@chimborah I don't see any non-nrpe entries in the messages log file. Maybe you just didn't have any system log entries there recently? Can you show us the service checks definitions for the host AF_INET? Also, are you running nrpe under xinetd by any chance? If so take a look at the Xinetd Per Source Limit part of this article: https://support.nagios.com/kb/article/n ... e-615.html
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
npolovenko
Support Tech
 
Posts: 1705
Joined: Mon May 15, 2017 5:00 pm


Return to Nagios Core Development

Who is online

Users browsing this forum: No registered users and 4 guests